Interface
|
Name of a port.
|
All levels
|
MAC address
|
The MAC address of the connected
supplicant on the port.
|
All levels
|
Role
|
The 802.1X authentication role of the interface. When
802.1X is enabled on an interface, the role is Authenticator. As Authenticator, the interface blocks LAN access until
a supplicant is authenticated through 802.1X or MAC RADIUS authentication.
|
brief, detail
|
State
|
The state of the port:
- Authenticated—The supplicant has been authenticated
through the RADIUS server or has been permitted access through server
fail fallback.
- Authenticating—The supplicant is authenticating
through the RADIUS server.
- Held—An action has been triggered through
server fail fallback during a RADIUS server timeout. A supplicant
is denied access, permitted access through a specified VLAN, or maintains
the authenticated state granted to it before the RADIUS server timeout
occurred.
|
brief
|
Administrative state
|
The administrative state of the port:
- auto—Traffic is allowed through the port
based on the authentication result. (Default)
- force-authorize—All traffic flows through
the port irrespective of the authentication result. This state is
not allowed on an interface whose VLAN membership has been set to dynamic.
- force-unauthorize—All traffic drops on
the port irrespective of the authentication result. This state is
not allowed on an interface whose VLAN membership has been set to dynamic.
|
detail
|
Supplicant
|
The mode for the supplicant:
- single—Authenticates only the first supplicant.
All other supplicants who connect later to the port are allowed full
access without any further authentication. They effectively “piggyback”
on the first supplicant’s authentication.
- single-secure—Allows only one supplicant
to connect to the port. No other supplicant is allowed to connect
until the first supplicant logs out.
- multiple—Allows multiple supplicants to
connect to the port. Each supplicant is authenticated individually.
|
detail
|
Quiet period
|
The number of seconds the port remains in the wait state
following a failed authentication exchange with the supplicant before
reattempting the authentication. The default value is 60 seconds.
The range is 0 through 65,535 seconds.
|
detail
|
Transmit period
|
The number of seconds the port waits before retransmitting
the initial EAPOL PDUs to the supplicant. The default value is 30
seconds. The range is 1 through 65,535 seconds.
|
detail
|
MAC radius
|
MAC RADIUS authentication:
- enabled—The switch sends an EAPOL request
to the connecting host to attempt 802.1X authentication, and if the
connecting host is unresponsive, the switch tries to authenticate
using the MAC address.
- disabled—The default. The switch will not
attempt to authenticate the MAC address of the connecting host.
|
detail
|
MAC radius restrict
|
The authentication method is restricted to MAC RADIUS
only. 802.1X authentication is not enabled.
|
detail
|
Reauthentication
|
The reauthentication state:
- disable—Periodic reauthentication of the
client is disabled.
- interval—Sets the periodic reauthentication
time interval. The default value is 3600 seconds. The range is 1 through
65,535 seconds.
|
detail
|
Supplicant timeout
|
The number of seconds the port waits for a response when
relaying a request from the authentication server to the supplicant
before resending the request. The default value is 30 seconds. The
range is 1 through 60 seconds.
|
detail
|
Server timeout
|
The number of seconds the port waits for a reply when
relaying a response from the supplicant to the authentication server
before timing out. The default value is 30 seconds. The range is 1
through 60 seconds.
|
detail
|
Maximum EAPOL requests
|
The maximum number of times an EAPOL request packet
is retransmitted to the supplicant before the authentication session
times out. The default value is 2. The range is 1 through 10.
|
detail
|
Number of clients bypassed because of authentication
|
The number of non-802.1X clients granted access to the
LAN by means of static MAC bypass. The following fields are displayed:
- Client—MAC address of the client.
- vlan—The name of the VLAN to which the
client is connected.
|
detail
|
Guest VLAN member
|
The VLAN to which a supplicant is connected when the
supplicant is authenticated using a guest VLAN. If a guest VLAN is
not configured on the interface, this field displays <not configured>.
|
detail
|
Number of connected supplicants
|
The number of supplicants connected to a port.
|
detail
|
Supplicant
|
The user name and MAC address of the connected supplicant.
|
detail
|
Authentication method
|
The 802.1X authentication method used for a supplicant:
- Guest VLAN—A supplicant is connected to
the LAN through the guest VLAN.
- MAC Radius—A nonresponsive host is authenticated
based on its MAC address. The MAC address is configured as permitted
on the RADIUS server, the RADIUS server lets the switch know that
the MAC address is a permitted address, and the switch opens LAN access
to the nonresponsive host on the interface to which it is connected.
- Radius—A supplicant is configured on the
RADIUS server, the RADIUS server communicates this to the switch,
and the switch opens LAN access on the interface to which the supplicant
is connected.
- Server-fail deny—If the RADIUS servers
time out, all supplicants are denied access to the LAN, preventing
traffic from flowing from the supplicant through the interface. This
is the default.
- Server-fail permit—When the RADIUS server
is unavailable, a supplicant is still permitted access to the LAN
as if the supplicant had been successfully authenticated by the RADIUS
server.
- Server-fail use-cache—If the RADIUS servers
time out during reauthentication, previously authenticated supplicants
are reauthenticated, but new supplicants are denied LAN access.
- Server-fail VLAN—A supplicant is configured
to be moved to a specified VLAN if the RADIUS server is unavailable
to reauthenticate the supplicant. (The VLAN must already exist on
the switch.)
|
detail
|
Authenticated VLAN
|
The VLAN to which the supplicant is connected.
|
detail
|
Dynamic filter
|
User policy filter sent by the RADIUS server.
|
detail
|
Session Reauth interval
|
The configured reauthentication interval.
|
detail
|
Reauthentication due in
|
The number of seconds until reauthentication occurs
again for the connected supplicant.
|
detail
|
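An added example, not part of the original documentation: a small Python audit that reads the fields described in this table and flags the values whose descriptions say access is granted without per-client authentication. The indented "Field: value" layout, the interface names, and the sample text are constructed for illustration and are assumptions, not captured switch output.

```python
# Added example. Field names and values come from the table above; the
# "Field: value" layout and SAMPLE are constructed assumptions.
RISKY = {
    ("administrative state", "force-authorize"):
        "all traffic flows irrespective of the authentication result",
    ("supplicant", "single"):
        "later supplicants piggyback on the first supplicant's authentication",
    ("reauthentication", "disable"):
        "periodic reauthentication of the client is disabled",
    ("authentication method", "server-fail permit"):
        "access was permitted while the RADIUS server was unavailable",
}

SAMPLE = """\
ge-0/0/1.0
  Administrative state: auto
  Supplicant: multiple
  Reauthentication: interval 3600 seconds
ge-0/0/2.0
  Administrative state: force-authorize
  Supplicant: single
  Reauthentication: disable
  Supplicant: user1, 00:00:5E:00:53:01
  Authentication method: Server-fail permit
"""

def parse_interfaces(text):
    """Return {interface: [(field, value), ...]}; repeated fields are kept."""
    ports, current = {}, None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace():  # unindented: new interface
            current = line.strip()
            ports[current] = []
        elif current and ":" in line:
            # Split on the first colon only, so MAC addresses stay intact.
            field, _, value = line.partition(":")
            ports[current].append((field.strip(), value.strip()))
    return ports

def audit(text):
    """Return (interface, field, value, reason) findings in input order."""
    findings = []
    for port, fields in parse_interfaces(text).items():
        for field, value in fields:
            # Exact match: "single-secure" must not be flagged as "single".
            reason = RISKY.get((field.lower(), value.lower()))
            if reason:
                findings.append((port, field, value, reason))
    return findings

if __name__ == "__main__":
    print("\n".join("%s: %s = %s (%s)" % f for f in audit(SAMPLE)))
```

The Supplicant field name appears twice in the table (mode, and user name with MAC address), so the parser keeps every occurrence instead of collapsing them into one key.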